William Robinet
I manage the technical team that is behind AS197692 at Conostix S.A. in Luxembourg [0].
I've been working with free and opensource software on a daily basis for more than 25 years.
I contributed to the cleanup and enhancement efforts done on ssldump [1] lately.
I particularly enjoy tinkering with open and, not so open, hardware.
Contact: @wr@infosec.exchange
[0] https://www.conostix.com
[1] https://github.com/adulau/ssldump/
Sessions
Edition of DER encoded ASN.1 structures is a pretty tedious work when done manually.
Solutions to this problem exist. For instance, der-ascii [0] is a tool written in Go that helps with back and forth conversions from/to DER structures to/from a textual representation using a custom defined language.
I present a somehow short Perl script [1] that leverages the OpenSSL configuration language along with the ASN1_generate_nconf(3) function in order to achieve the same goal with almost no dependencies apart from Perl and OpenSSL.
This tool can be used to ease the exploitation of CVE-2022-0778 [2] & [3].
[0] https://github.com/google/der-ascii
[1] https://github.com/wllm-rbnt/asn1template
[2] https://www.openssl.org/news/secadv/20220315.txt
[3] https://github.com/drago-96/CVE-2022-0778#using-asn1-templates